Offline Names Addressing Online Community Web Pages

ABSTRACT

Avoidance criteria are obtained and used to help prevent offline encounters between members of an online community by limiting online communications between members who share some aspect of offline life, thereby reducing the risk of offline encounters that could otherwise arise from online interaction. For each member of the online community, a system provider obtains one or more avoidance criteria ratified by the member and associates them with the member. Avoidance criteria include aspects of the member&#39;s offline life, such as geographic regions in which the member resides or plans to travel, organizations in which the member is active, and other interests and activities of the member. Respective avoidance criteria of different members are compared to determine whether the members share at least one avoidance criterion. Online communication between members who share an avoidance criterion is automatically limited.

RELATED APPLICATIONS

The present application incorporates and claims priority to each of the following: U.S. provisional patent application Ser. No. 60/865757 filed Nov. 14, 2006; U.S. provisional patent application Ser. No. 60/866418 filed Nov. 18, 2006; and U.S. provisional patent application Ser. No. 60/868619 filed Dec. 5, 2006.

BACKGROUND

Social network services are provided online for communities of people who share interests. Social network services provide ways for members of an online community to learn about each other, such as directories, profiles, personal pages, and search facilities. Social networks also build on or provide ways for members of an online community to communicate electronically with each other, such as chat, email, instant messaging, blogs, forums, video transmissions, and discussion groups.

Members of a social network may use the social network to arrange meetings with other members in person offline for dating, friendship, business, or philanthropic activities. Some social networks sponsor offline meetings between people who have communicated online through the social network. People who meet online may also exchange offline contact information, or be notified online of offline events based on their online expressions of interest, for example.

SUMMARY

In connection with some embodiments, avoidance criteria are obtained and used to help prevent offline encounters between members of an online community by limiting online communications between members who share some aspect of offline life. For instance, if two members each reside in the same metropolitan region then measures are used to limit (or to eliminate) their opportunities for online interaction, thereby reducing the risk of offline encounters that could otherwise arise from online interaction.

In some embodiments, a member of an online community receives a notice that communications in the online community will be regulated to reduce online communication between members of the online community who share at least one avoidance criterion. For each member of the online community, a system provider obtains one or more avoidance criteria ratified by the member and associates them with the member. Avoidance criteria may include aspects of the member's offline life, such as geographic regions in which the member resides or plans to travel, organizations in which the member is active, and other offline interests and activities of the member. Respective avoidance criteria of different members are compared to determine whether the members share at least one avoidance criterion. Online communication between members who share an avoidance criterion is limited, to reduce the risk of offline encounters that could otherwise arise from online interaction.

The examples given are merely illustrative. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Rather, this Summary is provided to introduce—in a simplified form—some concepts that are further described below in the Detailed Description. The innovation is defined with claims, and to the extent this Summary conflicts with the claims, the claims should prevail.

DESCRIPTION OF THE DRAWINGS

A more particular description will be given with reference to the attached drawings. These drawings only illustrate selected aspects and thus do not fully determine coverage or scope.

FIG. 1 is a block diagram illustrating an operating environment, some roles, some data structures, and some system and configured storage medium embodiments;

FIG. 2 is a flow chart illustrating steps of some method and configured storage medium embodiments from a point of view of a member of an online community; and

FIG. 3 is a flow chart illustrating steps of some method and configured storage medium embodiments from a point of view of a service provider who facilitates an online community.

DETAILED DESCRIPTION

Overview

Reference will now be made to exemplary embodiments such as those illustrated in the drawings, and specific language will be used herein to describe the same. But alterations and further modifications of the features illustrated herein, and additional applications of the principles illustrated herein, which would occur to one skilled in the relevant art(s) and having possession of this disclosure, should be considered within the scope of the claims.

The meaning of terms is clarified in this disclosure, so the claims should be read with careful attention to these clarifications. Specific examples are given, but those of skill in the relevant art(s) will understand that other examples may also fall within the meaning of the terms used, and within the scope of one or more claims. Terms do not necessarily have the same meaning here that they have in general usage, in the usage of a particular industry, or in a particular dictionary or set of dictionaries. Reference numerals may be used with various phrasings, to help show the breadth of a term. Omission of a reference numeral from a given piece of text does not necessarily mean the content of a Figure is not being discussed by the text. The inventor asserts and exercises his right to his own lexicography. Terms may be defined, either explicitly or implicitly, here in the Detailed Description and/or elsewhere in the application file.

As used herein, a “computer system” may include, for example, one or more personal computers (portable or not), servers, personal digital assistants, cell or mobile phones, and/or device(s) having a processor controlled at least in part by instructions. The instructions may be in the form of software in memory and/or specialized circuitry. In particular, although it may occur that many embodiments run on personal computers and/or on servers, other embodiments may run on other computing devices, and any one or more such devices may be part of a given embodiment. Terms such as “computerized” refer to devices having a microprocessor and memory, not merely to personal computers or servers.

“Electronic” refers to digital and/or analog electronic circuitry.

“Automatic” means without requiring ongoing real-time human input or guidance to perform the immediately contemplated operation.

Operating Environment

With reference to FIG. 1, roles within an operating environment for an embodiment may include one or more members 100 of an online community 102, and a service provider 104. In a given configuration, the service provider 104 may also be a member of the online community. An online community may have more than one service provider, e.g., it may have both an internet service provider (ISP) and an online community services provider (OCSP), with service provider 104 services being provided by either of these or by both the ISP and the OCSP, depending on the configuration. Commercial embodiments may operate on an ad-revenues business model, on a user-fee model (e.g., with anonymous payments), and/or on other business models.

In some configurations, the service provider 104 provides general-purpose services such as email, web page hosting and message forum hosting, which have been adapted by or on behalf of members 100 for uses specific to the online community. In some configurations, the service provider 104 provides services that are specific to the online community, such as online profile editing software. In some configurations, the service provider 104 provides both general-purpose services and specific services to support the online community.

Because of space limitations, FIG. 1 shows only two members 100 and only one service provider 104. However, a given configuration may include one or more service providers with zero or more members, or one or more members with zero or more service providers, depending on the requirements of the embodiment being discussed. Each of these entities may also belong to or facilitate one or more online communities 102 in a given configuration.

An operating environment for an embodiment may include, for instance, a member computer system 106 and a service provider computer system 108. Each computer system 106, 108 has a processor 120 and a memory 122 which operate together to provide functionality discussed herein. Different member computer systems 106 need not be identical with each other. Each member computer system 106 has distinctive computing characteristics 112, such as an associated IP address, which can be used by geolocation software in some embodiments to place the member computer system within a geographic territory. The service provider system 108 will generally include avoidance criteria management and analysis software 114 which is not present on the member computer systems 106.

Service provider avoidance criteria management and analysis software 114, like other software discussed herein, includes software instructions that are executable by a processor 120 and also includes data which is created, modified, referenced, structured, and/or otherwise used by the instructions. The software's instructions and data configure the memory(ies) 122 in which they reside. For example, the software may configure a removable memory device 130 such as a DVD or a flash memory even when that memory device is not plugged into a computer system. The software may also configure a memory 122 that is a functional part of a given computer system, such as RAM or a plugged-in removable memory 130, in which case the software instructions and data also configure the given computer system.

Networking interface equipment 134 such as a packet-switched network interface card, a wireless transceiver, or a telephone network interface, for example, will generally be present in a computer system 106. Peripheral equipment 134 such as human user I/O devices (screen, keyboard, mouse, microphone, speaker, motion sensor, etc.) will also generally be present in operable communication with the processor 120 and the memory 122. However, a software embodiment for transforming data representing real-world characteristics, for example, may also be so deeply embedded, such as on a service provider server 108, that the software in the embodiment has no human user interaction through human user I/O devices during normal operation.

An operating environment for an embodiment may include a single member computer system 106 and/or a single service provider computer system 108. A given embodiment may also include two or more computer systems 106, 108, linked to one another for networked communication.

Each computer system 106, 108 may run any network and operating system software 132, and may use any network interface equipment and other peripheral equipment 134, now known or hereafter formed. The operating environment may include member computer systems 106 that are client-server networked and/or peer-to-peer networked.

Member Systems

In some embodiments, a computer system 106 configured for use by a member 100 of an online community 102 includes a memory 122 configured with computer-executable instructions, and a processor 120, coupled with the memory, that executes instructions. The instructions are part of software with which the member 100 electronically ratifies an avoidance set 116 as a member of the online community. The avoidance set 116 includes at least one avoidance criterion 118. The computer system 106 also electronically provides a notice 124 that communications 110 within the online community between members of the online community will be regulated in order to reduce online communication between members who share at least one avoidance criterion. In some embodiments, the notice 124 also states that this regulation will be done without telling members 100 which avoidance criteria 118 they share. Some examples of electronic communications 110 include an email, an instant message, a blog entry, a blog comment, a forum posting, a video file or stream, a voip communication, a web page access, a voicemail, a text message.

In some embodiments, the processor coupled with the memory executes instructions for displaying selectable avoidance criteria 126 and for obtaining an avoidance criterion selection, e.g, from a member 100 who uses a mouse 134 or a key 134 to select an item from a list of avoidance criteria 118 in a graphical or other user interface 128. In some embodiments, the avoidance criteria 118 in a personal avoidance set 116 may have been selected from displayed avoidance criteria 126 by the member 100 through the user interface 128, may have been entered as freeform text by a member 100, and/or may have been added to the member's avoidance set 116 automatically by service provider 104 software.

In some embodiments, the processor coupled with the memory executes instructions for obtaining multiple avoidance criteria 118 combined in a Boolean expression 136. For example, a member may want to avoid online interaction in the community 102 with any members who reside in the member's home state and also with any members who reside in two neighboring states. Toward that goal, the member may use a Boolean AND operator to create an expression 136 combining three states into a single avoidance territory 118. Other Boolean operations may also be supported.

Use of the member's residence as an avoidance criterion 118 may be prompted by a suggestion 142. Thus, in some embodiments the computer system 106 processor coupled with the memory executes instructions for displaying a suggestion 142 that a member 100 of an online community 102 select as an avoidance criterion a geographic territory in which the member resides. The computer system 106 also executes instructions for obtaining a geographic territory as an avoidance criterion 118, from a set of listed territories, or as freeform text entry of a postal code, for example. In some embodiments the computer system 106 displays a suggestion that a member select as an avoidance criterion a geographic territory in which the member plans to travel.

In some embodiments, the processor coupled with the memory executes instructions for obtaining one or more of the following as an avoidance criterion 118: geographic territory, profession, a discussion topic listed as appropriate for an existing forum in the online community, gender, marital status, relationship states, ethnicity, race, age, offline family name, offline personal name, specified organization membership, religious affiliation, political affiliation, behavioral preference.

For example, a member 100 might choose avoidance criteria 118 to prevent the member from interacting online with other members of the online community 102 who live in the same city as the member, who attend religious services of the same denomination as the member, who belong to the same professional society as the member, and/or who have the same last name as the member or the member's former spouse.

A member 100 may wish to experiment with different personal avoidance sets 116. In particular, a member may use the number of other members affected by a particular choice of personal avoidance set as a factor in deciding whether to retain that personal avoidance set 116. If the number of other members who remain available for unregulated interaction with the member in the online community 102 appears to be too small, then the member may decide to change the member's avoidance criteria to allow interaction with more members. Instead of selecting an entire state as one's residence territory, for example, a member might decide to select only a metropolitan area within the state. Similarly, if the number of other members who will have an opportunity to see the member's postings, profile, and other activities/username as they are published in the online community 102 appears to be too large, then the member may decide to change the member's avoidance criteria to allow interaction with fewer members. In addition to selecting geographic territories in which the member resides and/or plans to travel, for example, a member might decide to select professional organizations and religious affiliations as avoidance criteria, to reduce the risk of interacting online with anyone the member encounters offline while participating in professional or religious activities.

Accordingly, in some embodiments the processor coupled with the memory executes instructions for calculating and then displaying an indication 144 of how many members 100 of the online community 102 have associated avoidance criteria 118 that do not overlap a specified avoidance set 116, namely, how many members remain fully available for online interaction. Some embodiments display an indication 144 of how many members 100 of the online community 102 have associated avoidance criteria 118 that do overlap a specified avoidance set 116, namely, how many members are not available online. Some embodiments display both types of indication 144. Some embodiments use all registered members as a basis for determining how many are ruled in/ruled out by a given avoidance set 116, whereas some use only members who have been active within some stated period; a special case of the latter is calculating the result of an avoidance set 116 based on the members currently logged on. The indication 144 may be given in absolute terms, e.g., “12345 members do not have any avoidance criteria in common with you and hence will be shown your profile and allowed to email you.” The indication 144 may also be given in relative terms, e.g., “Your selection hides your presence from 83% of the community's members.”

In some embodiments, the processor coupled with the memory executes instructions for displaying to a first member 100 an automatically generated introduction 146 to another online community member 100. The introduction may be accompanied by an express assurance 148 that the first member's avoidance set does not overlap the other member's avoidance set. For example, the member 100 may be told “Click this link to see thumbnail photos and profile summaries of members who live outside your chosen territories and who have not stated an interest in any of the offline activities you want kept separate from people you meet online.”

Some member systems 106 have installed include general protection software such as encryption software, anti-phishing software, firewall software, anti-virus software, anti-adware software, anonymizing software, and the like. General protection software may be used to further raise awareness of identity crimes and reduce unwanted impositions on privacy. However, general protection software is not specifically designed to help a member of an online community avoid interaction with other members of that community that could readily be encountered offline, as described herein.

Some member systems 106 are configured with application software such as word processors, email and instant messaging programs, and/or other applications that can be used to create, modify, transmit, store, retrieve, and/or otherwise manage electronic communications 110. However application software is not specifically designed to help a member of an online community avoid interaction with other members of that community that could readily be encountered offline, as described herein.

In some embodiments of member systems 106, the processor coupled with the memory executes instructions for performing other steps, including one or more of the steps illustrated in FIG. 2.

Service Provider Systems

In some embodiments, a computer system 108 configured for use by a service provider 104 who facilitates an online community 102 also includes a memory configured with computer-executable instructions, and a processor, coupled with the memory, that executes instructions, although these computer system components are not shown in FIG. 1 due to space limitations. The instructions are part of software with which the service provider 104 electronically facilitates the online community 102. In particular, a computer system 108 may help prevent unwanted offline encounters between online community members.

In some embodiments, notice code 150 contains computer-executable instructions for electronically providing a notice 124, such as a notice stating that communications 110 within an online community 102 will be automatically regulated to limit online encounters between members 100 who share at least one avoidance criterion 118, namely, at least one stated offline interest or activity.

In some embodiments, avoidance criteria management and analysis code 114 contains computer-executable instructions for obtaining a first avoidance criterion 118 associated with a first member 100 of the online community 102, obtaining a second avoidance criterion 118 associated with a second member 100 of the online community 102, and comparing the avoidance criteria 118 with each other to determine whether the first member and the second member share at least one avoidance criterion. The avoidance criteria 118 may be obtained by reading from a database of personal avoidance sets 116 and/or they may obtained interactively as needed through a user interface 128, for example.

In some embodiments, avoidance based restriction code 152 regulates communications 110 when avoidance criteria 118 overlap, in order to reduce communication opportunities between the members whose avoidance criteria 118 overlap and hence reduce the risk that they will interact online. Communications may be regulated in one or more ways.

For example, in some embodiments the processor coupled with the memory executes avoidance-based restriction code 152 instructions for regulating communication by preventing direct communication between two members 100 in the online community 102 when geographic territories represented by respective avoidance criteria 118 of the two members overlap. Some embodiments also prevent direct communication when other types of avoidance criteria 118 overlap.

Alternately or in addition, the processor coupled with the memory may execute avoidance-based restriction code 152 instructions for regulating communication by hiding an online identity 138 of a member 100 of the online community 102 from another member 100 of the online community when geographic territories represented by respective avoidance criteria 118 of the two members overlap. Some embodiments also hide an online identity when other types of avoidance criteria 118 overlap. Some examples of online identities 138 are usernames, email addresses, web page addresses, and avatars.

Alternately or in addition, the processor coupled with the memory may execute avoidance-based restriction code 152 instructions for regulating communication by hiding an online activity of a member 100 of the online community 102 from another member 100 of the online community when geographic territories represented by respective avoidance criteria 118 of the two members overlap. Some embodiments also hide an online activity when other types of avoidance criteria 118 overlap.

In some embodiments, the processor coupled with the memory executes avoidance-based restriction code 152 instructions and/or notice code 150 instructions for informing a member 100 of at least one of the following: a territory in which the member resides should be designated by the member as an avoidance criterion 118 to avoid online encounters with other members who are in that territory, the territory in which the member resides must be designated, the territory in which the member apparently resides will be automatically designated, at least one territory in which a member does not reside may be designated, a territory in which the member plans to travel should be designated, a territory in which the member plans to travel must be designated, a territory in which the member plans to travel may be designated.

In some embodiments, the processor coupled with the memory executes avoidance-based restriction code 152 instructions and/or notice code 150 instructions for informing a member of at least one of the following: at least one territory should be designated by the member as an avoidance criterion 118 to avoid online encounters with other members who are in that territory, at least one territory must be designated, at least N territories should be designated (N being a stated value greater than one), at least N territories must be designated, territories which together have at least a specified total area should be designated, territories which together have at least a specified total area must be designated, territories which together have at least a specified total population should be designated, territories which together have at least a specified total population must be designated.

In some embodiments, the processor coupled with the memory executes avoidance-based enhancement code 154 instructions for creating a suggestion 142 to promote direct communication between the two members when their respective geographic territory designations do not overlap. The suggestion 142 may be asymmetric in that a suggestion is made only to one of the members in question, or the suggestion 142 may be part of a symmetric pair of suggestions with which each member is prompted to contact the other.

Some embodiments use both avoidance criteria 118 and seeking criteria. Seeking criteria are commonly used in social networks to identify people a member wants to meet. For example, a member 100 may wish to identify people in an online community 102 who share an interest in a particular forum topic (seeking criterion) and who also live outside the member's country (avoidance criterion). The member's country could be made an avoidance criterion 118, either expressly by the member or automatically by the system 108, depending on the embodiment. The forum topic could be specified as a seeking criterion in a search that identifies other people interested in that topic, from among the group of people who were not ruled out because they live in or plan to travel in the member's home country.

In a conventional social network search, a searcher may see all search results and all potential search results. The searcher in a conventional social network search may be informed, directly or by a process of deduction, precisely which characteristic(s) of a given result or potential result ruled it in or out of the search results. By contrast, in at least some embodiments the mapping between an avoidance criterion and a particular member is not published in the online community 102 to other members. Moreover, in at least some embodiments some of the potential search results may never be seen by a member, such as potential results that disclose information about other members whose avoidance criteria rule them out automatically and in a manner transparent to the member. Thus, an avoidance criterion 118 may function quite differently than a logical NOT qualifier in a conventional social network search.

Some service provider systems 108 are configured with online identity management software 156, which manages online community member online identity data 138 such as member profiles and usernames. For example, online identity management software 156 may require a password from a member 100 before allowing the member to read members-only postings or allowing the member to make a change in a profile of the member that is published in the online community 102.

Some service provider systems 108 are configured with offline identity management software 158, which manages offline community member online identity data 140 such as member mailing addresses and legal names. For example, offline identity management software 158 may require a password from a member 100 before allowing the member to enter a change of address.

In some embodiments of service provider systems 108, the processor coupled with the memory executes instructions for performing other steps, including one or more of the steps illustrated in FIG. 3.

Space limitations and deference prevent showing every item in FIG. 1 at every possible location of the item. For example, in some embodiments a notice 124 is generated on a service provider computer system 108 and then transmitted over a network to a member computer system 106, despite the fact that FIG. 1 does not expressly illustrate a notice 124 on the service provider computer system 108 shown. As another example of how FIG. 1 merely helps illustrate possible configurations, each of the computer systems 106, 108 has one or more processors 120 and at least one memory 122, even though these two items are shown expressly only for member computer system 106.

Not every item shown in FIG. 1 need be present in every system embodiment or in every configured medium embodiment. Although implementation possibilities are illustrated here in text and drawings by specific examples, other embodiments may depart from these examples. For instance, specific features of an example may be omitted, renamed, grouped differently, repeated, instantiated in hardware and/or software differently, or be a mix of features appearing in two or more of the examples.

Configured Media

Some embodiments include a configured computer-readable storage medium 130. In a computer system 106, 108, disks (magnetic, optical, or otherwise), RAM, EEPROMS or other ROMs, and/or other configured storage medium can be provided as part of working memory 122, and/or in addition to working memory 122. A general-purpose storage medium, which may be removable or not, and may be volatile or not, is configured with data structures and instructions to thereby form a configured medium which is capable of causing a system with a processor to perform steps and provide functionality disclosed herein.

Configuring a system with such data and/or such instructions creates a special-purpose system which accepts input representing geographic regions, organizations, and/or other items outside the system, and transforms that input to provide useful and concrete results that help reduce the risk of crossover between member offline activities and online activities. FIG. 1 helps illustrate configured storage media embodiments, as well as system embodiments, process product embodiments, and method embodiments. A configured medium may also be considered an article of manufacture and/or a process product, produced using for example steps shown in FIG. 2 of FIG. 3.

For example, a system may be configured with data such as avoidance criteria sets 116, ratified avoidance criteria 118, selectable avoidance criteria 126, and/or indications 144 of avoidance set results.

Also, a system may be configured with instructions capable of performing functions such as obtaining avoidance criteria and comparing avoidance criteria (e.g., with software 114), regulating communication in a manner that is based on avoidance criteria by hiding member identity, hiding member activity, or preventing direct member communication (e.g., with software 152), and regulating communication by introducing members whose avoidance criteria do not overlap (e.g., with software 154).

In some embodiments, a storage medium 130 is configured to cause performance of a method to help prevent unwanted offline encounters between members of an online community. The method causes the system to electronically provide a notice 124 that communications in an online community 102 will be regulated in order to reduce online communication between community members 100 who have overlapping avoidance criteria 118, and to electronically obtain through a user interface 128 an avoidance set 116. The regulation of communications 110 may include, for example, measures designed to do at least one of the following: hide an online identity 138 of a member 100 of the online community 102 from another member 100 of the online community 102 if the two members share at least one avoidance criterion 118; hide an online activity of a member 100 from another member 100 if the two members share at least one avoidance criterion 118; prevent direct communication in the online community 102 between members 100 who share at least one avoidance criterion 118.

In some embodiments, a storage medium 130 is configured with code 114, 150, 162 to make a system: electronically provide a notice that communications within an online community 102 will be regulated to limit online encounters between members who share at least one avoidance criterion; obtain a first avoidance criterion 118 associated with a first member 100 of the online community; obtain from the first member an indication of a first acceptable level of risk 164, which represents the first member's willingness to risk encountering offline some other member of the online community; obtain a second avoidance criterion 118 associated with a second member of the online community; obtain from the second member an indication of a second acceptable level of risk 164, which represents the second member's willingness to risk encountering offline some other member of the online community; and set an offline encounter risk level 160 based on the avoidance criteria.

In some embodiments, an acceptable level of risk 164 is indicated by a numeric value. For instance, a member may be asked a question such as “On a scale of one to ten, with one being ‘don't care if we meet’ and ten being ‘must never meet’, how important is it that you not meet offline anyone you communicate with online?” In some embodiments, an acceptable level of risk 164 of an offline encounter with someone met online is indicated by an enumeration value, such as “Always avoid offline meetings”, “Try hard to avoid”, “OK sometimes”, “OK anytime”. In some embodiments, an acceptable level of risk 164 is associated with one or more particular avoidance criteria 118, e.g., it may be more acceptable to meet another member who shares a plan to visit France than it is to meet another member who consults in the same field of software security technologies.

In some embodiments, a storage medium 130 is configured with code 162 to make a system automatically determine whether an offline encounter risk level based on comparing two members' respective avoidance sets 116 exceeds an acceptable level of risk stated by either or both of the two members 100. If the risk of an offline encounter is greater than an acceptable level of risk, then communication involving the members is regulated accordingly to reduce the offline encounter risk level. The members set respective targets, and the system helps adjust avoidance criteria to meet those targets. For example, regulation directed by instructions 152 may automatically hide online community contact information of each of the two members from the other member, automatically hide online community activity of each of the two members from the other member, and/or automatically prevent direct communication between the two members.

In some embodiments, an offline encounter risk level 160 is based in part on population data. Accordingly, the offline encounter risk level for two members who both reside in a city with a population of ten thousand is greater than the offline encounter risk level for two members who both reside in a city with a population of one million. Similarly, the offline encounter risk level for two members 100 who both practice a religion, or belong to an organization, which has relatively few members is greater than the offline encounter risk level for two members who both practice a religion, or both belong to an organization, which has a relatively large membership population.

In some embodiments, an offline encounter risk level 160 is based in part on whether a geographic avoidance territory is characterized as a member's residence or merely as a place a member plans to visit. More generally, an offline encounter risk level 160 may be based on the frequency of an offline activity. Accordingly, the offline encounter risk level for two members who both reside in the same territory is greater than the offline encounter risk level when one member resides in the territory and the other merely plans to visit the territory, which is in turn greater than the offline encounter risk level when both members merely plan to visit the territory. Likewise, an offline encounter risk level may be greater for an organization or club that meets weekly than for one that meets annually.

In some embodiments, an offline encounter risk level 160 is raised by a specified increment for each additional avoidance criterion 118 shared by two members. For example, in a system in which offline encounter risk level lies in the range from zero (no risk) to one thousand (maximum recognized risk), each shared avoidance criterion might cause fifty to be added to the offline encounter risk level. In a variation, different avoidance criteria 118 are weighted differently, e.g., sharing a residence territory adds five hundred to the offline encounter risk level, whereas sharing a political affiliation adds only twenty to the offline encounter risk level. In some embodiments, an offline encounter risk level 160 is multiplied by a specified factor for each additional avoidance criterion shared by two members; in a variation, different avoidance criteria have different multipliers.

Some embodiments produce an offline encounter risk level 160 using a combination of population data, specified increments, and specified multipliers. It will be understood that an offline encounter risk level 160 may also be based on avoidance criteria using other approaches.

In some embodiments, a storage medium 130 is configured to make a system automatically determine whether an offline encounter risk level based on comparing two members' respective avoidance sets 116 does not exceed an acceptable level of risk stated by either or both of the two members 100. If the risk of an offline encounter is smaller than both acceptable levels of risk, then communication involving the members is regulated accordingly to enhance communication, even though that may increase the offline encounter risk level, so long as an acceptable level is not surpassed. For example, regulation directed by instructions 154 may automatically display to at least one of the two members an online community username of the other member, or automatically introduce the first member and the second member to each other online.

Methods

FIGS. 2 and 3 illustrate some method embodiments. In a given embodiment zero or more illustrated steps of a method may be repeated, perhaps with different parameters or data to operate on. Steps in an embodiment may also be done in a different order than the top-to-bottom order that is laid out in the Figures. Steps may also be omitted, combined, or otherwise depart from the illustrated flow, provided that the method performed is operable and conforms with at least one claim.

FIG. 2 shows a flow chart 200 illustrating steps of some method and configured storage medium embodiments from a point of view of a member 100 of an online community 102, for example.

Actions by a member discussed herein may equivalently be considered actions by software and hardware for which the member is responsible, e.g., by a system over which the member has control, and vice versa. The same holds true of actions by a service provider. That is, a system of hardware and software, a system of hardware, and a system of software, may each be deemed an agent or alter ego of a human who controls that system.

As indicated by steps 202 and 204, the member has one or more online identities 138 and one offline identity 140, respectively. In particular, a member may have 202 an online identity which is published within an online community 102, and may also own 204 an offline identity which is not published within the online community. The member 100 may have online identities 138 in the form of usernames, avatars, personal web pages, and other online data which reflects aspects of the member's activities and preferences.

Online identity is generally under at least partial control of the member, and in many cases is under complete, or nearly complete, control of the member, e.g., by setting profile information and choosing email addresses. Indeed, a member may choose to have more than one online identity within a given online community.

By contrast, the offline identity of a given member can be considered unique. However, this is a definitional preference, not a requirement in every embodiment. One could also define offline identities 140 according to time periods in the member's life, for example, or roles played by the member in the offline worlds, e.g., at home versus at work. Online identities can, however, provide some anonymity which is rarely if ever provided by offline identities.

During one or more notice receiving steps, a member receives electronically a notice 124. A given notice 124 may be triggered by an event such as admission to membership in an online community, creation of an electronic communication 110 by a member, updates sent to the online community membership generally, or selection of an avoidance criterion 118 by a particular member. Several notice steps 206-214 are illustrated in FIG. 2; zero or more of these steps and/or other notice steps may be part of a given method.

Some of the steps shown in FIG. 2 may be performed during registration of new members, or even earlier during marketing of an online community 102. Some examples include steps such as receiving 206-214 a notice; selecting 216, entering 218, combining 220, or ratifying 222 an avoidance criterion 118; specifying 226 an acceptable level of risk of an offline encounter with some other member(s) of the online community; owning 204 an offline identity; and so on. The term “member” as used herein with respect to such steps should be understood to include not only current members 100 of an online community 102 but also prospective members 100 who express interest in joining the online community 102, and in-process-of-registration members 100 who are in the process of joining the online community 102.

During an avoidance measures notice receiving step 206, a member 100 receives a notice 124 that communications in an online community 102 will be regulated to reduce online communication between members of the online community who share at least one avoidance criterion. In a variation of this and/or other notice-related steps, the notice 124 states that communications will be automatically regulated. The notice 124 in any notice step 206-214 may be received via a display 134, a speaker 134, or another output device.

During an online identity hiding notice receiving step 208, a member 100 receives a notice 124 that communications in an online community 102 will be regulated by measures designed to hide an online identity of a member of the online community from another member of the online community if the two members share at least one avoidance criterion.

During an online activity hiding notice receiving step 210, a member 100 receives a notice 124 that communications in an online community 102 will be regulated by measures designed to hide an online activity of a member of the online community from another member of the online community if the two members share at least one avoidance criterion.

During a communication limits notice receiving step 212, a member 100 receives a notice 124 that communications in the online community 102 will be regulated, e.g., by measures designed to prevent direct communication in the online community between members who share at least one avoidance criterion.

During an avoidance set secrecy notice receiving step 214, a member 100 receives a notice 124 that the member's personal avoidance set 116 will not be published to other members in the online community 102. Secrecy of an avoidance set 116 can be maintained by use of passwords, encryption, file system access restrictions, and similar security measures which limit disclosure of the avoidance set 116 to the member who owns that set. Avoidance set 116 access may also be given in some embodiments to authorized service provider 104 personnel for troubleshooting purposes.

During an avoidance criterion selecting step 216, a member 100 selects at least one avoidance criterion 118 from a displayed collection of selectable avoidance criteria 126. For example, a member may be told “Select the organizations you participate in, from the dropdown list of organizations, and your presence online will be kept hidden from any other community member who likewise participates in any organization you've selected.” As another example, a member may be told “Click on as many provinces and states as you want in the map, to show where you live or travel. Your presence online will be kept hidden from any other community member who lives or travels in a state or province you've both selected.”

During an avoidance criterion freeform entering step 218, a member 100 enters an alphanumeric string representing at least one avoidance criterion 118. For example, a member may enter a zip code or other postal code, or a telephone area code. In some embodiments, a member may enter the name of a restaurant, club, other recreational facility, landmark, cultural event, and/or other keyword(s) pertaining to the member's expected offline activities. String comparisons and other keyword search tools and techniques can then be used help identify avoidance criteria shared with other members.

During an avoidance criteria combining step 220, a member combines two or more avoidance criteria using Boolean operators such as AND and OR to form an expression 136. A member may form an expression which is itself an avoidance criterion 118, from constituent avoidance criteria 118. For example, a member may select a geographic territory as an avoidance criterion by using a Boolean combination of constituent territories, e.g., “avoid Texas OR Louisiana”. As another example, a member may wish to remain hidden online from other members who are male and who live in or travel in New York, without being hidden from other members who are female and live in or travel in New York.

The member may form an avoidance criterion expression expressly stating this requirement, e.g., “avoid male AND NewYork”. In some embodiments, Boolean operators are implicit. For example, when a member lists several geographic territories, those territories may be implicitly OR'd together.

During an avoidance criterion ratifying step 222 a member ratifies a personal avoidance set 116 which includes at least one avoidance criterion 118. Fro example, a member may ratify a personal avoidance set which includes at least one of the following as an avoidance criterion: geographic territory, profession, offline name. An entire avoidance set may be ratified as a whole by an express member action, e.g., by displaying the avoidance set's content to the member with a request for approval and then receiving a button press, mouse click, spoken “yes” or other physical manifestation of approval by the member. The avoidance set may also be ratified step-by-step as it is built, at least with regard to avoidance criteria that are placed in the avoidance set after being selected 216 or entered 218 by the member; selection 216 and entry 218 are then examples of ratification 222.

Some avoidance criteria may be placed in an avoidance set automatically, such as an avoidance criterion representing the automatically geolocated apparent residence of the member. In some embodiments, ratification 222 includes a member participating in the online community while subject to an avoidance criterion which is automatically treated as part of the personal avoidance set without being individually selected by the first member. For avoidance criteria that are not expressly added to the avoidance set by a member, ratification 222 may occur when the member participates beneficially in the online community using the avoidance set and/or when the member receives a notice 124 that the avoidance criterion will be used.

During an avoidance result indication receiving step 224 a member receives an indication 144 of the result of changes made to an avoidance set 116; examples of changes may include creation, modification, and deletion of the avoidance set. For example, an indication may be displayed on a screen 134 with text or graphics, or spoken through a speaker 134 using recorded or synthesized speech. An indication 144 may help a member understand how many other members of the online community have at least one avoidance criterion overlapping the first member's personal avoidance set and/or how many other members do not share any avoidance criteria with the member's avoidance set 116.

During an acceptable level of offline encounter risk specifying step 226 a member specifies an acceptable level of offline encounter risk 164, which represents the member's willingness to risk encountering offline some other member of the online community. For instance, the member may slide a graphical slider bar, move a virtual door or other image of a physical barrier to a position that appears more closed or more open, make a selection from a list, speak into a microphone 134, or otherwise use an interface 128 to enter a value representing a level of offline encounter risk chosen by the member.

During an introduction and assurance receiving step 228, a member receives an automatically generated introduction 146 to another online community member. The introduction 146 may be accompanied by, or otherwise be in the context of, an assurance 148 that the first member's personal avoidance set does not overlap the other member's avoidance criteria. The introduction and assurance may be delivered by email, instant message, voicemail, text message, or be in the form of some other electronic communication.

During a communication attempting step 230, a member 100 attempts unsuccessfully to communicate directly in the online community 102 with another online community member who shares at least one avoidance criterion 118 with that member. For example, an email address that is otherwise valid may nonetheless be blacklisted because both the sender and the target recipient reside in the same town. Other attempts at communication, which do not pose unacceptable risks, may succeed.

During a participating step 232, a member participates in an online community 102 by submitting electronic posts, sending/receiving other electronic communications, and so on. For example, a social network 102 may be organized into groups based on shared interest in a given topic and/or based on questions of the form “Looking for advice on ______ ” or “Has anyone ever ______?”. Participation 232 may be limited to members of the online community 102.

During a suggestion receiving step 234, a member receives a suggestion 142 pertaining to one or more avoidance criteria 118 and/or one or more other members 100. The suggestion may be delivered by email, instant message, voicemail, text message, or be in the form of some other electronic communication.

FIG. 3 shows a flow chart 300 illustrating steps of some method and configured storage medium embodiments from a point of view of a service provider who facilitates an online community. Methods illustrated in FIG. 3 may help service providers 104 and others maintain a separation between online and offline activities of members of an online community.

During a notice providing step 302, a service provider 104 provides one or more notices 124 to one or more members 100 of an online community that is being served by the service provider. For example, a service provider 104 may electronically provide 302 a notice that communications 110 within the online community 102 will be regulated to limit online encounters between members who share at least one avoidance criterion. Notice providing step 302 corresponds generally to notice receiving steps 206-214, except that notice providing step 302 is performed by a service provider whereas notice receiving steps 206-214 are performed by a member.

During a registration beginning step 304, a service provider 104 begins registering a potential member 100 of an online community 102. During a registration finishing step 306, the service provider 104 finishes registering the member 100. Registration may be as simple as assigning a username and password in conjunction with notices 124 explaining how the online community operates. Registration may gather an offline name, an offline address, and/or other offline identity 140 values, but that is not required in every embodiment. Some embodiments inform a member that entering an offline name is not required to participate in an online community 102; some simply do not ask for an offline name.

Steps such as providing 302 notices 124, automatically identifying an apparent residence and adding a corresponding avoidance criterion 118 to a new member's personal avoidance set 116, displaying other avoidance criteria 126, and/or obtaining an acceptable level of offline encounter risk 164, may be performed before beginning 304 registration, during registration between steps 304 and 306, and/or after finishing registration 306, in a given embodiment. In some embodiments, a first avoidance criterion 118 such as a member's residence territory or family name is obtained during a registration of a member 100, and the registration must be completed before the member can participate fully in the online community 102.

During avoidance criterion obtaining steps 308 and 310, a service provider 104 (or equivalently as noted, a system acting on behalf of a service provider) obtains an avoidance criterion 118 to associate with or already being associated with at least one member 100 of the online community 102.

During a step 308, an avoidance criterion is obtained from a member through an interface 128; this corresponds generally to one or more of avoidance criterion providing steps 216 and 218 (possibly in conjunction with Boolean expression creating step 220 and/or avoidance criterion ratifying step 222), except that avoidance criterion obtaining step 308 is performed by a service provider whereas steps 216-222 are performed by a member. The avoidance criterion obtained can be securely stored 314, e.g., in a database of member avoidance sets 116 on a server provider system 108 inaccessible to members, in order to prevent members from seeing each other's avoidance criteria.

During a step 310, an avoidance criterion is obtained automatically, e.g., by an automatic determination 312 of a member's apparent residence and inclusion 314 of a corresponding geographic avoidance criterion in the member's personal avoidance set 116. Other avoidance criteria may also be obtained automatically. If a member's family name is obtained during registration, for example, that family name may be automatically treated 310 as an avoidance criterion, so that members with the same family name are hidden from one another in the online community 102. Members may be notified that such steps 310 are possible, or notified that such steps 310 will definitely occur. In some embodiments, such automatic steps 310 occur without any member notification.

In some embodiments, a processor coupled with a memory executes avoidance-based restriction code 152 instructions for automatically determining 312 a member's likely residence and then including within that member's avoidance criteria 118 at least one territory which includes the member's likely residence. For example, geolocation tools may be used to automatically determine 312 a likely physical location of a member system 106, using the IP address 112, domain name, and so on, and that physical location can then be treated as a member's apparent residence. Alternately, a mailing address, zip code, phone number area code, or other offline residential identity 140 information provided by the member 100, perhaps during registration, can be automatically read from secure storage 140 and treated as the member's residence. Some examples of offline identities 140 are legal names, residential addresses, employer names, and information of the type found on drivers licenses, passports, and other government-issued identification documents.

During a residence determining step 312, some mapping may be needed from a geolocation value or a registration address value to a geographic territory recognized as an avoidance criteria. For example, a zip code might be mapped to an entire state based on the initial digits of the zip code, a city might be mapped to a metropolitan area near the city, or an employer name might need to be mapped to employer office locations and from those office locations to a set of geographic territories. Employer names can be found in numerous searchable public databases.

During secure storing steps 314, 316, a service provider 104 securely stores avoidance criteria 118 and offline identity data 140, respectively. Other data, such as acceptable levels of offline encounter risk 164, usernames and passwords, and data structures used to implement communication regulation, may be similarly securely stored. Secrecy of stored data can be maintained by use of passwords, encryption, file system access restrictions, and other security measures which help limit disclosure of the data to the member who provided the data. Data access may also be given in some embodiments to authorized service provider 104 personnel for legitimate purposes such as troubleshooting or fraud prevention, for example. Some embodiments securely store 314 obtained avoidance criteria 118 such that a given member's avoidance criteria are not published in the online community 102 to other members. Some embodiments securely store 316 offline identity information 140 about members such that none of the offline identity information provided by a given member is published in the online community 102 to all of the other members.

During an avoidance criteria comparing step 318 and/or an avoidance set checking step 320, a service provider 104 compares avoidance criteria 118 to determine whether two members share at least one avoidance criterion and/or to determine whether an avoidance set 116 contains particular avoidance criteria 118. In some embodiments, each of a plurality of avoidance sets 116 is associated with a respective member 100 from a plurality of members of an online community 102, and step 320 checks the plurality of avoidance sets for a specified avoidance criterion 118. A plurality of avoidance sets 116 may be checked to help calculate the impact of a change in a member's avoidance set, for example, so that an indication 144 of the impact can be displayed.

Avoidance criteria 118 comparisons and checks for avoidance set 116 membership may be implemented in various ways, depending in part on the data structures used to implement avoidance criteria 118 and avoidance sets 116.

Avoidance criteria 118 implemented with alphanumeric strings may be compared using keyword search tools and techniques adapted from applications such as word processors and/or internet search engines. Avoidance set 116 implemented with bitstrings may be checked using bitmasks and bitwise operators. Avoidance criteria 118 implemented with region maps may be compared using pixelwise or other base unit intersection of normalized areas, possibly with some tolerance added around edges of maps to err on the side of finding overlap. Of course, other data structures may also be used to implement avoidance criteria 118 and avoidance sets 116, including for example linked structures and arrays, in which case comparison can be implemented using corresponding tools and techniques for testing membership in a set, testing equality of sets, intersecting sets, forming a union of sets, and so on.

During an avoidance result indication displaying step 322, a service provider 104 displays to a member 100 an indication 144 of the result of a change to the member's personal avoidance set 116, such as the addition or removal of a particular avoidance criterion to or from the avoidance set 116. For example, an embodiment may display 322 to a given member an indication of at least one of the following: how many other members of the online community 102 share at least one avoidance criterion with the given member, how many other members of the online community 102 do not share at least one avoidance criterion with the given member. Step 322 corresponds generally to avoidance result indication receiving step 224, except that step 322 is performed by a service provider whereas step 224 is performed by a member.

In some embodiments, a display 322 of a single indication 144 does not disclose to a member which avoidance criteria are currently associated with any other member. In some, dozens or hundreds of displays 322 by a member do not disclose to that member which avoidance criteria are currently associated with any other member. It may be possible in some embodiments to use a combination of (a) surveying available member profiles and (b) changing one's own avoidance criteria, to pry out of the system the identity of at least one of the avoidance criteria associated with some other member. However, measures may be used in an online community 102 to discourage or prevent such prying. For example, members may be notified 302 that they will be locked out of the online community for such behavior and/or members may be limited by software 114 to at most five (for instance) avoidance criteria set 116 changes per month.

During a direct communication preventing step 324, a service provider 104 prevents direct communication in the online community 102 between members who share an avoidance criterion 118. Direct communication may be prevented, for instance, by adding each member's username to a system-maintained email blacklist and/or instant messaging blacklist, for example. Blacklist entries are not visible to members, and may be visible to authorized service provider personnel. A similar hidden blacklist may be used to prevent one member's blog from being displayed to the other member. Some embodiments go further, by redacting blog comments and forum postings made by one member so the postings are not displayed to the other member, even when neither of the members in question own the blog or moderate the forum.

During an online identity hiding step 326, a service provider 104 regulates communications 110 to hide an online identity of a member of the online community from another member of the online community who shares at least one avoidance criterion. Online identity 138 may be hidden, for instance, by not displaying a member's web page or other profile, and/or by redacting instances of the member's email address and username from blog and forum postings.

During an online activity hiding step 328, a service provider 104 regulates communications 110 to hide an online activity of a member of the online community from another member of the online community who shares at least one avoidance criterion. Online activity may be hidden, for instance, by not displaying a member's web page or other profile, blog, blog comments, forum postings, or any other communication 110 from the member 100.

During a suggesting and/or introducing step 330, a service provider 104 generates and provides a suggestion 142 and/or an introduction 146 to promote direct communication between two members when their respective geographic territory designations and other avoidance criteria 118 do not overlap. A suggestion 142 may be asymmetric or part of a symmetric pair of suggestions, with each member being prompted to contact the other. Suggestions 142 may also be provided 330 to invite actions other than member contact, e.g., a service provider may suggest 330 that a member select as an avoidance criterion a geographic territory in which the member resides, or that a member reconsider a change in the member's personal avoidance set 116.

During an acceptable level of offline encounter risk obtaining step 332, a service provider 104 obtains from a member an indication 164 of a first acceptable level of risk, which represents the member's willingness to risk encountering offline some other member of the online community. In some embodiments a default level 164 may be obtained automatically during registration. Acceptable level of offline encounter risk obtaining step 332 in FIG. 3 corresponds generally to acceptable level of offline encounter risk specifying step 226 in FIG. 2, except that step 332 is performed by a service provider whereas step 226 is performed by a member.

During an offline encounter risk level setting step 334, a service provider 104 sets an offline encounter risk level 160 based on what the avoidance criteria of two members 100 reveals about the offline activities of the members. For example, if a first member and a second member each belong to an organization that has only a hundred members, then the offline encounter risk level for those two members would be relatively high, even if they live in different cities. On the other hand, if two members have mutually exclusive interests and preferences, e.g., they belong to different clubs that meet at different locations on the first Tuesday of each month, then the offline encounter risk level for those two members would be relatively low, even if they live in the same city. An offline encounter risk level calculation 334 may be based on one, some, or all of the members' avoidance criteria.

In some embodiments, a step of obtaining 308 an avoidance criterion occurs after a registration 306 of a member 100 and the step 308 modifies the member's existing avoidance set 116. The service provider 104 resets 334 the offline encounter risk level for that member and another member based on the modified avoidance set.

In some embodiments, a service provider 104 automatically determines that an offline encounter risk level for two members exceeds at least one of the member's acceptable level of risk, and automatically hides online community contact information and/or online community activity of each of the two members from the other member. Conversely, in some embodiments a service provider 104 automatically determines that neither member's acceptable level of risk is exceeded, and automatically displays to at least one of the two members an online community username of the other member, or automatically introduces the first member and the second member to each other online.

During a communication supporting step 336, a service provider 104 supports creation, modification, transmission, storage, and/or analysis of communications 110 in an online community 102. In particular, the service provider regulates communication to help reduce the risk of unwanted offline encounters between members 100 that would arise from unregulated online communication.

Additional Examples

Some possible embodiments provide new social networking tools and techniques, and in particular, new tools and techniques for facilitating social networks in which members meet online but face little or no risk of ever meeting offline. Some of these possible embodiments include features beyond the avoidance criteria and risk level features discussed above. Features are discussed below in connection with various “embodiments” but it will be understood that a claim defines what actually constitutes an embodiment of that claim, so features discussed in examples should not necessarily be read into a given claim.

Some embodiments may help encourage and support online communities which have an ethos of members providing other members with anonymous help based on candid disclosure of opinions and social facts online, with little risk that the disclosures will lead to unwanted or complicated offline interaction. Embodiments may operate online communities through websites under domains containing marks such as “NeverMeet”, “NoFaces”, “FriendlyStrangers”, “SmallWorld”, or the like, depending on the legal availability of such domains and marks.

Some approaches described herein run counter to an assumption that social networking sites should help people meet each other in person. Instead, some embodiments take the approach that an online version of a “strangers in a bar” conversation can be worthwhile. People may be more candid in seeking—and giving—life advice, for instance, if they know they'll never meet in person.

Other interactions may also be less inhibited. It may also be helpful for conventional matchmaking sites to offer subscribers a practice forum in which they converse with people whose actual identity they will almost certainly never learn, who will almost certainly never learn their identity, and whom they will almost certainly never meet in person (intentionally or even by accident).

In some embodiments, social network member geographic locations are obtained or approximated, and that geographic information is used to limit online interaction in order to reduce the risk that members who interact online will meet (accidentally and/or intentionally) offline.

For example, in some embodiments, a member 100 can specify 216, 218 one or more geographic areas to be avoided by the system when the system is determining which other members should be able to contact this member. In one simple case, a member 100 who lives in city F can tell the system to avoid allowing that member contact with other members who also live in F. Depending on the implementation, the territories 118 to avoid may be landmarks (Eiffel

Tower, . . . ), cities, counties, provinces, states, regions, nations, and/or continents, for instance. A time zone is another example of a geographic region. Territories may be predefined, and accessed through a menu 128.

In some embodiments, a social networking system may help reduce or prevent online contact between members whose avoidance areas 118 overlap. Thus, if member A says to avoid areas X, Y, Z, and member B says to avoid areas R, S, X, and member C says to avoid areas R, S, T, and member D says to avoid area W, then the social network operates to reduce or eliminate/prevent online interaction (within the social network's virtual community(ies)) between A and B, and between B and C, and it operates to allow (or even encourage) online interaction between A and C, A and D, and B and D. As another example, if Bob lives in California and travels (or plans to travel) to Canada, and Pat lives in Oregon and does not travel, then Bob could list avoidance areas 118 California and Canada, and Pat could list avoidance area 118 Oregon. The system would then allow (or encourage) online interaction between Bob and Pat, because—based on the avoidance areas they specified—there is little risk they will ever be in the same geographic area, and hence little risk they will ever meet offline. By contrast, if Pat listed California in addition to listing Oregon, then the system would take steps to limit or prevent online interaction between Pat and Bob, because their avoidance areas (a.k.a., their personal territories, or their safety zones) overlap.

Some embodiments require that a member specify 216 at least N personal territories 118, and/or that the member specify a combination 136 of personal territories that satisfies some geographic size requirement. For instance, a member might be required in one implementation to specify at least three personal territories 118, or to specify at least two territories 118 which are each at least the size of Switzerland, or which meet some minimum combined population total, e.g., territories containing at least fifty million people.

In some embodiments, virtual community cultural pressure, community website contractual terms of use, and/or other similar tools are used to encourage or legally require members to specify 216, 218 a personal territory 118 that includes their current residence. In some embodiments, as an alternative or in addition, tools such as geolocation software or correlation with a payment database are used to identify 312 the apparent approximate geographic location of the computer 106 or other device 106 being used by a member 100 to access the online community 102, and that geographic region is included 310 (visibly to the member in some cases, invisibly in others) among the member's personal territories 118. In some embodiments, a member's list 116 of personal territories is private to the member—it is used by the system internally, but is not made visible to other members.

A geographic territory normally is a characteristic of a member 100, at least as to the geographic territory in which the member resides. But other criteria need not apply to the member 100 who specifies them as avoidance criteria 118. A member can ask to avoid communication with members who have a particular profession 118, for instance, without also being a member of that profession.

In some embodiments, a member can specify avoidance criteria 118 that are not geographic in addition to, or instead of, specifying the geographic territories to avoid. For example, a physician who is an expert in some medical field may tell 216, 218 the system 106, 108 to help her avoid communications 110 online with other physicians generally, or perhaps only with other physicians in her medical field. Another physician may similarly tell the system to avoid communications with attorneys. More generally, avoidance criteria 118 may be any of a wide variety of criteria, e.g., geographic location, profession, certain topics of discussion, and so on. Avoidance criteria may be specified in a profile.

The avoidance criteria may have an effect in a system in various ways, depending on the system embodiment.

First, when the system is making or offering a random or semi-random (e.g., based on shared interest in a topic) introduction 146 between two members, it may operate to avoid introducing two members whose personal territories 118 overlap.

Second, when the system is selecting a privacy quality control reviewer of a communication, it may operate to avoid selecting a reviewer whose territory overlaps with either the source member of the communication or the intended destination member of the communication.

Third, when the system is preparing to display a blog posting, forum posting, comment, or other quasi-public posting by one member, it may limit 328 what is seen by other member(s) so that the posting is not seen by member(s) whose personal territory(ies) overlap the personal territory 118 of the poster 100. As a result, not every member 100 who looks at (or tries to look at) a blog at a given point in time will necessarily see the same content as the other member(s). Rather, postings may be filtered 328 to prevent viewing by members 100 whose personal territories 118 overlap those of the original poster 100 and/or those of a subsequent commenter 100. In some implementations, overlap between a potential viewer's territory and any poster's (original, later commenter) territory makes the entire blog (comments and all) unavailable 328 to the potential viewer. In other implementations, redactions 328 are made based on individual's territories, so that the potential viewer sees at least some of the blog but does not see portions posted by members whose territory overlaps the viewer's territory. More generally, a system may filter 326, 328 access to postings to satisfy member avoidance criteria, geographic or otherwise, to reduce the risk that members who communicate online might meet offline.

Some embodiments do not ask members for personally identifying information 140 when they register 304, 306 to obtain a username 138. Other embodiments do ask, e.g., to receive a one-time registration fee, but do not correlate usernames to that personal information.

In some embodiments, at least some social network member communications are reviewed for potential disclosure of personally identifying information, and review results are used to discourage and/or limit online communications that apparently increase the risk that members who interact online will meet (accidentally and/or intentionally) offline. Such privacy reviews may be automated, by people, or both.

For example, in some embodiments, member communications (posting, email, IM, chat, etc.) are scanned for key words and phrases that may indicate increased risk of disclosing a member's offline identity; online, usernames not reminiscent of offline names etc. are used to identify members. Such privacy concern triggers may include, e.g., personal or family names, phone numbers, addresses (postal, email, web), account numbers, gender, race, ethnicity, age, title, profession, geographic names, landmark names, employer names, phrases such as “where do you live?”, “I live in . . . ”, “How old are you?”, “What school do you go to?”, etc.

Various steps may be taken when scanning detects such a privacy concern trigger. The communication sender may be told, and given a chance to edit the communication before it is sent to any other member. The communication may be sent to a randomly selected (or an expertise-and-trust-proven-selected) member who serves as a privacy quality control reviewer. The trigger may be modified (for learning, eg., as spam detectors learn, but to detect privacy concerns better, not to detect spam). The communication may be sent to its intended member destination(s), with or without some modification by the sender and/or by the system to enhance sender privacy.

In some embodiments, a privacy quality control reviewer receives a communication snippet without receiving any indication who is sending it, reviews it, and makes a judgment about whether it reveals personally offline-identity-revealing information. Reviewer comments are sent back to the sender. The sender may make changes, after which the edited communication is sent to another randomly selected (but again with non-overlapping personal territory) privacy quality control reviewer, and so on. Thus, the community helps protect the privacy of its members. Individual members may build up, over time, expertise in judging the risk of disclosure, and that expertise may in turn be rated anonymously by the members whose communications are reviewed.

Members who prove to be expert and trustworthy at assessing privacy disclosure risks—as judged by those whose privacy they seek to protect—may be rewarded in ways that do not risk disclosure of their own privacy. For example, reviewers may take pride in private recognition by the system of their relative rank among all privacy reviewers. Reviewers may enjoy being trusted with review of messages which are more likely than other reviewed messages to disclose a member's offline identity.

In some embodiments no privacy reviewer is sent more than some small predetermined number of communications from a given member to review. For example, a reviewer might be sent no more than five communications over the course of one year from a given member.

In some embodiments, a system goal is to strike a balance that favors online interaction without unacceptable risk of disclosing offline identities. In some embodiments, the system cannot prevent intentional disclosure of a member's offline identity by that member. But it can often prevent, or at least reduce, the risk of accidental disclosure of a member's offline identity by that member.

In some embodiments, social network member computing characteristics are reviewed for potential disclosure of offline geographic location or offline identity revealing information. Computing characteristics may then be hidden and/or altered to reduce or eliminate the risk that members who interact online will meet (accidentally and/or intentionally) offline. Familiar technical means of promoting anonymity by hiding and/or altering computing characteristics can be used, such as not tracking IP addresses 112 (except possibly to initially assign a personal territory 118 as discussed herein), using anonymizing servers or proxies, and so on.

Usernames can be compared to lists of personal and family names, cities, etc., to reduce the risk that a username containing those or other privacy concern triggers will be accepted for use in the system. Dictionary search tools used to find passwords, for instance, could be adapted for use in scanning usernames for personal names, cities, family names, professions, etc.

In some embodiments, posting or other communication of pictures (jpg, gif, tiff, pdf, etc.) is not supported by the system. In other embodiments, pictures may be allowed, but every picture is subject to privacy quality control review. For example, cartoon images, avatars, animations, and other images that do not readily reveal the type of identifying characteristics shown in an identification photograph may be allowed.

In some embodiments, links to outside websites are not supported by the system. In other embodiments, links may be allowed, but every link is subject to privacy quality control review. At least some disguised links, such as “goo g le dot co m” (note spacing, use of “dot”), may be detected and treated as links.

In some embodiments, each user has two usernames. One (internal username) is seen by the user, while the other (external username) is seen by other people in the system. Messages can be scanned automatically for either type of username; internal usernames in particular can be privacy concern triggers. The user does not necessarily know its own external username; in some embodiments, external usernames are kept secret from their users. Postings of a user which include the user's external username are modified to show the user's internal username instead, at least when the user is logged on. Another person logging on nearby, e.g., a friend of the user, should not see those messages anyway, since the friends' personal territories will overlap. Likewise, if the user logs in under a different account, but is still in the same territory, the original account's messages should be filtered out and thus not displayed to the user.

In some embodiments, the external username associated with a given internal username (via a table or other data structure) is changed on occasion. The user is not normally notified that a change in external username has occurred, but may infer such a change from a loss of contact with some other user that occurs when the old username is disabled. An external username may be changed or otherwise disabled (e.g., user evicted from system) on a regular schedule, e.g., every month, on a randomized schedule, in response to a request from the user (“I′m uncomfortable—please move me to a new virtual bar with a fresh face and new people to meet online”), and/or in response to heightened risk of privacy loss as indicated by automated review of messages to/from the user for privacy concern triggers and/or by actions by privacy quality control reviewers (especially if the system notes a history of privacy concerns). The new external username normally bears little or no resemblance to the previous external username.

In some embodiments, a given internal username is associated with more than one external username, e.g., a different external username may be used in each of several different countries or other territories. This may reduce the risk that when users A and B communicate, A, and C communicate, and B and C communicate, that B and C will together learn more than desired about A′s identity. B and C will know A under different external usernames of A, and hence be less likely to correlate information about A.

It will be apparent that preserving one's anonymity is a way to help reduce the risk that one will never meet in person offline someone that one has met online. But it is not the only way. Embodiments can also help prevent unwanted offline meetings by limiting online interaction to members whose personal territories 118 (as stated 216, 218 by the members and/or determined 312 automatically by the system from geolocation) do not overlap.

Traditional profile elements, which contain personally identifying information such as age, gender, race, profession, and geographic location, will likely be used rarely if at all in some embodiments. However, topics of interest might be specified in a profile that is accessible to other members (at least, to those whose personal territories do not overlap your own).

Tools and techniques presented herein may be embodied in various ways, e.g., processes and/or hardware on a server computer 108, on a client 106 or peer 106, or on a standalone computer, software (data instructions) in RAM or permanent storage for performing a process, general purpose computer hardware configured by software, special-purpose computer hardware, data produced by a process, and so on. Computers, PDAs, cell phones, and any device 106, 108 having user interface 128 and some network transmission 134 capabilities may be part of a given embodiment. Touch screens, keyboards, other buttons, levers, microphones, speakers, light pens, sensors, scanners, and other I/O devices 134 may be configured to facilitate or perform operations to achieve the methods and systems, and method results, which are described here. Combinations of these may also form a given embodiment.

In view of the foregoing, it will be understood that the present disclosure describes features which can be used independently of one another in embodiments that focus on different approaches. Many features described here could be provided in a given commercial product or services package, but may nonetheless be patentably distinct. Determinations of patentable distinctness are made after a disclosure is filed, and are made by patent examination authorities.

It may be helpful, however, to note the following. U.S. patent application serial no. 11870475 filed October 11, 2007 involves privacy reviews of electronic communications in an online community, from the perspective of a member of the online community, including for example a member manifesting consent to a privacy review. U.S. patent application Ser. No. 11/870,506 filed Oct. 11, 2007 also involves privacy reviews of electronic communications in an online community, but from the perspective of a service provider, including for example a service provider system determining that an electronic communication should be submitted to a privacy review. Each of these previous applications claims priority to the three provisional applications identified at the beginning of this present application, and there is some overlap in the specifications of this present application and the other non-provisional applications. It is respectfully submitted, however, that the different non-provisional applications claim different inventions.

It may also be helpful to note that one of the various ways in which features disclosed herein can be grouped is according to which entity acts. Some steps are unique to a role. A member does steps that are not done by a service provider, and vice versa.

It may also be helpful to note that another way to group features disclosed herein is according to the steps/structures employed.

For example, some embodiments employ avoidance criteria 118 and/or take steps to limit offline interaction based on information from online community members about their offline identity 140. Thus, some embodiments include accepting an avoidance criterion 118 from a member (current or prospective) of a social network 102; and limiting (reducing and/or preventing between those with overlapping avoidance criteria, and/or favoring and/or requiring between those with non-overlapping avoidance criteria) online interaction 110 between the member and at least one other member of the social network based at least in part on the members' avoidance criteria. In some, the social network accepts avoidance criteria 118 including a list of personal territories from the member, and limits online interaction based on the personal territories of the members.

As another example, some embodiments employ privacy concern trigger and/or take steps to alert online community members when their offline identity information might be disclosed by a communication. Thus, some embodiments include automatically scanning a communication from a member (current or prospective) of a social network for at least one privacy concern trigger; and submitting the communication to a privacy quality control reviewer after finding at least one privacy concern trigger. In some, the privacy quality control reviewer anonymously reviews the communication and indicates an extent to which the reviewer has concluded that the communication is likely to disclose offline identity information of the member.

As another example, some embodiments employ username mapping and/or take steps to hide/change usernames to make an online community member's online identity a moving target or otherwise difficult to permanently pin down. Thus, some embodiments include accepting a user-visible (internal) username from a user of a website, phone, PDA, or other networked service; and displaying a different username (external) username for that same user to other users of the service. Some also include dynamically changing the external username while maintaining the associated internal username; the change may be on an automated schedule, and/or at specific request of the user, and/or in response to some indication (detected automatically or manually) that the privacy of the user may be compromised or near compromise.

As another example, some embodiments provide privacy protection through username restrictions that limit username content to reduce or avoid use of offline identity information in usernames.

Features disclosed herein may also be categorizable into patentably distinct embodiments in other ways. Regardless, we now turn to more detailed examples of ways in which features may be organized.

In the following examples particular attention is paid to anonymous social networking with community-based privacy reviews, from a reviewed person's perspective.

Some embodiments include a method for use by a first person belonging to an online community, the first person having an online identity published within the online community, the first person also having an offline identity which the first person has asserted should not be published in the online community, the method including the first person: consenting to a privacy review of a communication between the first person and a second person who also belongs to the online community; and receiving a result of the privacy review, the result indicating the extent to which the communication was considered to pose a risk of disclosing at least part of the first person's offline identity in the online community.

In some cases, the first person receives notice that the privacy review is based at least in part on scanning communications before they are delivered to their identified destination(s) in the online community.

In some cases, the first person receives notice that the privacy review is based at least in part on manually and/or automatically scanning communications for at least one of the following: personal name, family name, phone number, offline address, online address, geographic name, landmark name, questions seeking geographic information, statements containing geographic information, questions seeking employment information, statements containing employment information, gender, race, ethnicity, age, title, profession.

In some cases, the first person consents to privacy review of the communication by a third person who also belongs to the online community, and the third person has an offline identity which is not disclosed to the first person. In some cases, the first person consents to privacy review of the communication by a third person, and the method further includes the first person providing an opinion about the third person's privacy review. In some cases, the first person consents to privacy review of the communication by a third person, and the method further includes the first person receiving a reputation summary indicative of the third person's reputation for privacy reviews, based on multiple privacy reviews performed by the third person. In some cases, the first person consents to privacy review of the communication by a third person who also belongs to the online community, and the third person is at an offline location which lies outside a list of territories specified by the first person.

Some methods further include the first person editing the communication, in response to the privacy review, before the communication reaches the second person. Some include the first person submitting the edited communication to another privacy review.

In some embodiments, the first person receives notice that their offline identity is hidden from any person who performs a privacy review on their communication. In some, the first person receives notice that their online identity is hidden from any person who performs a privacy review on their communication.

In some embodiments, the first person consents to privacy review of some images in communications from the first person to another person in the online community. In some, the first person consents to privacy review of all images in communications from the first person to another person in the online community. In some, the first person consents to privacy review of some online addresses in communications from the first person to another person in the online community, and online addresses include at least website addresses and email addresses. In some, the first person consents to privacy review of all online addresses in communications from the first person to another person in the online community. In some, the first person consents to privacy review of offline addresses in communications from the first person to another person in the online community.

In some embodiments, the first person receives notice that the privacy review includes automatically scanning a communication and then submitting the communication to a person for privacy review if a privacy concern trigger is found by the automatic scanning.

In the following examples particular attention is paid to anonymous social networking with offline encounter avoidance criteria 118, from a service provider's perspective.

Some embodiments include a method to help reduce the risk of offline encounters between members 100 of an online community 102, the method including: obtaining a first avoidance criterion 118 from a first member of the online community, the first avoidance criterion specifying an aspect of the first member's offline life that is designated by the first member to be shielded from the first member's online life; obtaining a second avoidance criterion 118 from a second member of the online community, the second avoidance criterion specifying an aspect of the second member's offline life that is designated by the second member to be shielded from the second member's online life; and using the avoidance criteria to determine 334 an offline encounter risk level 160 of the two members, namely, a value which is based at least in part on the extent of overlap, if any, between their avoidance criteria.

In some embodiments, a method includes securely storing the obtained avoidance criteria 118 such that a member's choice of avoidance criteria is not published in the online community 102 to other members. Some embodiments include at least one of the following: securely storing 316 offline identity information about members so that it is not published in the online community to other members; informing 302 members that their offline name is not required and then allowing them to post communications 110 in the online community without first providing their offline names.

Some embodiments include displaying 322 to one of the members an indication 144 of the number of members of the online community 102 whose avoidance criteria 118 overlap at least one avoidance criterion of that member, thereby allowing that member to estimate the reduction in online community access which would result from retaining the at least one avoidance criterion. An indication 144 of the number of members may be numeric or visual (e.g., partially filled bar or map), and may be an exact count or an estimate.

Some embodiments include regulating 336 communication between the first member and the second member in accordance with their offline encounter risk level, with a goal of reducing the risk that they will encounter each other offline as a result of communications 110 in the online community 102.

In some embodiments, the obtaining steps obtain geographic territory designations 118, and communication between the two members is regulated 336 in at least one of the following ways: direct communication between the two members is not supported 324 by online community services when their respective geographic territory designations overlap; direct communication between the two members is suggested 330 by an online community service when their respective geographic territory designations do not overlap.

In some embodiments, the obtaining steps obtain geographic territory designations, and the method further includes submitting a communication to the second member for privacy review when the respective geographic territory designations of the two members do not overlap, the communication being from the first member and also being not addressed to the second member by the first member.

In some embodiments, the obtaining steps obtain geographic territory designations 118, and the method further includes informing 302 a member of at least one of the following: the territory in which the member resides should be designated, the territory in which the member resides must be designated, the territory in which the member resides will be automatically designated, at least one territory in which a member does not reside may be designated, a territory in which the member plans to travel should be designated, a territory in which the member plans to travel must be designated, a territory in which the member plans to travel may be designated.

In some embodiments, the obtaining steps obtain geographic territory designations 118, and the method further includes informing 302 a member of at least one of the following: at least one territory should be designated, at least one territory must be designated, at least N territories should be designated (N being a stated value greater than one), at least N territories must be designated, territories which together have at least a specified total area should be designated, territories which together have at least a specified total area must be designated, territories which together have at least a specified total population should be designated, territories which together have at least a specified total population must be designated.

In some embodiments, the obtaining steps obtain geographic territory designations 118, and the method further includes automatically determining 312 a member's likely residence and then including 310 within that member's avoidance criteria at least one covering geographic territory, that is, a territory which includes the member's likely residence. In some, the steps of automatically determining the member's likely residence and including a covering geographic territory are performed transparently to the member.

In some embodiments, the obtaining steps obtain designations 118 of at least one of the following: geographic territory, profession, a discussion topic listed as appropriate for an existing forum in the online community, gender, marital status, ethnicity, race, age, offline family name, offline personal name, organization membership, religious affiliation, membership in one or more specified online communities, thereby allowing members 100 to designate characteristics of other members who they wish to avoid encountering.

A specified aspect 118 of offline life may be past, present, and/or contemplated in the future; it need not come about to be specified as an avoidance criterion 118. It may even be intended solely as a buffer, e.g., specifying an entire state 118 instead of merely specifying a county within the state even if there are no plans to travel outside the county.

In some embodiments, the first obtaining step obtains designations of multiple avoidance criteria 118 from the first member, and the offline encounter risk level 160 depends on at least two of those multiple avoidance criteria. In some, the first obtaining step obtains designations of multiple avoidance criteria from the first member in a Boolean expression 136. Boolean expression operators may be implicit, e.g., a blank space could be used to denote a logical AND operator.

Some embodiments include obtaining 332 from the first member an indication of a first acceptable level of risk, which represents the first member's willingness to risk encountering offline some other member of the online community, and obtaining 332 from the second member an indication of a second acceptable level of risk, which represents the second member's willingness to risk encountering offline some other member of the online community. Some include at least one of the following steps: hiding 326 online community contact information of each of the two members from the other member after determining that the offline encounter risk level of the two members exceeds a level corresponding to the level of acceptable risk indicated by at least one of two members; displaying 330 to at least one of the two members 100 an online community username of the other member after determining that the offline encounter risk level of the two members is less than the level(s) of acceptable risk indicated by the two members; introducing 330 the first member and the second member online using their respective usernames, after determining that the offline encounter risk level of the two members is less than the level(s) of acceptable risk indicated by the two members.

In some embodiments, the offline encounter risk level 160 of the two members exceeds a predetermined value, and the method further includes hiding 328 from each of the two members communications 110 which are posted in the online community 102 by the other of the two members. In some, the hiding step hides at least one of the following: a blog posting, a forum posting, a member profile, a member username, an electronic communication.

In some embodiments, the step of obtaining a first avoidance criterion occurs during registration of the first member 100, and that registration must be completed before the first member can post any communication to other members in the online community 102. In some, the step of obtaining a first avoidance criterion 118 occurs after registration of the first member and modifies a previously obtained set containing at least one first member avoidance criterion, and the method further includes re-determining 334 the offline encounter risk level of the two members in view of the modified avoidance criterion. In some embodiments, securely storing data does not preclude data access by authorized administrative personnel.

In the following examples particular attention is paid to anonymous social networking with offline encounter avoidance criteria, from an online community member's perspective.

Some embodiments include a method for an online community 102 member 100 to use to help reduce the risk of an offline encounter with another member of the online community, the method including the online community member: receiving notice that communications 110 in an online community will be regulated in order to reduce online communication between community members who have overlapping avoidance criteria 118; and ratifying 222 an avoidance set 116 which includes at least one avoidance criterion.

In some embodiments, the ratifying step 222 includes at least one of the following: the online community member selecting 216 at least one avoidance criterion from displayed selectable avoidance criteria, the online community member communicating 232 in the online community 102 while subject to an avoidance criterion 118 which is automatically included 310 in the avoidance set 116. Some embodiments include the online community member reviewing selectable avoidance criteria 126 displayed by an online community service provider. Some include the online community member receiving 214 notice 124 that a given member's avoidance set is not published in the online community to other members. Some include the online community member receiving 224 an indication 144 of the number of other members of the online community whose avoidance criteria overlap that member's avoidance set.

In some embodiments, the receiving notice step includes receiving 212 notice 124 that communications will be regulated with the goal of preventing 324 any direct communication in the online community between community members who have overlapping avoidance criteria 118. In some, the receiving notice step includes receiving 210 notice that communications 110 in the online community will be regulated with the goal of hiding 328, from each of two members who have overlapping avoidance criteria 118, the online presence of the other of the two members.

Some embodiments include the online community member modifying the avoidance set by at least one of the following: selecting an avoidance criterion to include in the avoidance set 116, selecting an avoidance criterion to exclude from the avoidance set. In some, the avoidance set includes at least one geographic territory designation, thereby indicating that the online community member 100 will have reduced communication in the online community 102 with other members who may be physically located in the designated geographic territory(ies).

In some embodiments, the online community member is a first member, and the method further includes the first member consenting to allow privacy review of one of its online communications by a privacy reviewer if the privacy reviewer is also a member of the online community who has designated at least one geographic territory in a privacy reviewer avoidance set, and if the privacy reviewer avoidance set does not overlap the geographic territory(ies) designated in the first member's avoidance set. In some, the avoidance set includes at least the territory in which the online community member resides. In some, the avoidance set includes at least one territory in which the online community member does not reside but plans to travel.

In some embodiments, the avoidance set ratifying step 222 includes selecting a geographic territory using a Boolean combination 136 of constituent territories. In some, the ratifying step 222 includes selecting designations of at least one of the following: geographic territory, profession, a discussion topic listed as appropriate for an existing forum in the online community, gender, marital status, ethnicity, race, age, offline family name, offline personal name, organization membership, religious affiliation, specified online community membership, thereby allowing the online community member to designate characteristics 118 of other members who the online community member wishes to avoid encountering. In some, the ratifying step 222 includes selecting designations of multiple avoidance criteria combined in a Boolean expression 136.

Some embodiments include the online community member accessing the online community through a username which has been subjected to privacy review to reduce the risk that it will disclose information about the online community member's offline identity.

Some embodiments include the online community member specifying 226 an acceptable level of risk 164, which represents the member's willingness to risk encountering offline some other member 100 of the online community 102.

In some embodiments, the online community member is a first member, and the method includes the first member receiving 228 an introduction 146 to another online community member whose avoidance criteria 118 do not overlap the first member's avoidance set 116. In some, the online community member is a first member, and the method includes the first member attempting 230 unsuccessfully to communicate directly in the online community with another online community member whose avoidance criteria 118 overlaps the first member's avoidance set 116.

In the following examples, particular attention is paid to privacy protection through username restrictions.

Some embodiments include a method for use by an online service provider to help maintain the privacy of offline identities of online users, the method including: testing a proposed username by comparing at least a portion of its content to a set of personal identification information tokens; and accepting the proposed username if it satisfies a predetermined privacy criterion, the privacy criterion being defined in terms of matches to personal identification information tokens.

In some embodiments, the testing step compares proposed username content to tokens using at least one of the following: an interactive question-and-answer session; an automatic string operation. In some embodiments, the testing step compares proposed username content to tokens obtained from personal information supplied by an online user, and the privacy criterion is defined in terms of avoiding matches to those tokens. In some, the testing step compares proposed username content to tokens obtained from at least one of: a directory of offline addresses, a directory of online addresses, a directory of names, a directory of phone numbers, and the privacy criterion is defined in terms of avoiding matches to those tokens. In some, the testing step compares proposed username content to tokens obtained from at least one of: a database of registrations, a database of licenses, a database of grants, a database of government records, and the privacy criterion is defined in terms of avoiding matches to those tokens. In some, the testing step compares proposed username content to tokens obtained from a collection of fictional names, and the privacy criterion is defined in terms of matching those tokens. In some, the testing step compares proposed username content to a result of an online search engine search.

Some embodiments include accepting the proposed username from an online user before testing the proposed username. Some include automatically generating the proposed username before testing the proposed username.

Some embodiments include a method for username selection which reduces the risk that a username will disclose information about an online user's offline identity, the method including: receiving a question regarding a proposed username and its relation, if any, to the online user's offline identity; and answering the question. Some include receiving additional questions regarding the proposed username and its relation, if any, to the online user's offline identity, and answering the additional questions.

Some embodiments include proposing a username. Some include specifying an acceptable level of risk that the proposed username will disclose information about the online user's offline identity. Some include stating that the proposed username is a fictional name.

Some embodiments include receiving and answering at least one of the following questions: whether the proposed username contains any part of your name, whether the proposed username contains any part of the name of anyone in your family, whether the proposed username contains any part of the name of anyone you have met, whether the proposed username contains the name of a pet, whether the proposed username contains a nickname, whether the proposed username contains the name of your employer, whether the proposed username contains the name of a business you are connected with, whether the proposed username refers to your religious or spiritual beliefs, whether the proposed username refers to your political beliefs, whether the proposed username refers to any organization to which you belong or which you support, whether the proposed username contains any part of any of your email addresses, whether the proposed username contains any part of a website address, whether the proposed username contains any part of any of your offline addresses, whether the proposed username contains any part of any of your phone numbers, whether the proposed username refers to any of your physical characteristics (e.g., height, weight, gender, race, hair color, eye color, tattoos, disabilities), whether the proposed username refers to your ethnicity. Some embodiments include reading part of a search engine search result and being asked whether it pertains to you or anyone you know.

In the following examples, particular attention is paid to privacy protection through username mapping.

Some embodiments include a method for use by an online service provider to help maintain the privacy of offline identities of online users, the method including: assigning a first user of an online service a private username which is not kept hidden from the first user but is kept hidden from other users of the online service; and assigning the first user at least one public username which is kept hidden from the first user but is not kept hidden from at least some other users of the online service.

Some embodiments include receiving from the first user content directed to at least one other user; and displaying the content together with an attribution which depends on the online service account used, namely, showing an attribution to the private username when the first user is logged in and showing an attribution to a public username when another user is logged in.

Some embodiments include associating geographic territories with users of the online service; the content is hidden from display to other users whose associated geographic territory overlaps the first user's associated geographic territory. Some include associating geographic territories with users of the online service, and all public usernames assigned to the first user are kept hidden from other users whose associated geographic territory overlaps the first user's associated geographic territory.

In some embodiments, at least two different public usernames of a given user are in active use and displayed in each of at least two respective geographic territories at one time.

In some embodiments, the private username is chosen by the online user, in some it is assigned by the system, and in some it is chosen by the user subject to approval by the system. The public names are generated by the system. Different public (aka external) usernames of a given user may be used in different geographic regions and/or in different forums. The system may autogenerate usernames by combining root words, numeric values, and in some cases associated images (which do not contain realistic user likenesses). Hiding a username does not necessarily preclude revealing it to an authorized administrator, but in some embodiments the correlation between users and usernames is not readily determined even by such administrators.

CONCLUSION

Although particular embodiments are expressly illustrated and described herein as methods or systems, it will be appreciated that discussion of one type of embodiment also generally extends to other embodiment types. For instance, the descriptions of methods in connection with FIGS. 2 and 3 also help describe systems like those described in connection with FIG. 1, and vice versa. Likewise, example method embodiments help describe system embodiments that operate according to those methods, product embodiments produced by those methods (such as a listing showing personal territories to avoid meeting members from), and configured media embodiments in which a medium is configured by data and instructions to perform those methods. It does not follow that all limitations from a given embodiment are necessarily read into another.

Components, steps, and other aspects of different examples given herein may be combined to form a given embodiment.

Reference has been made to the figures throughout by reference numerals. Any apparent inconsistencies in the phrasing associated with a given reference numeral, in the figures or in the text, should be understood as simply broadening the scope of what is referenced by that numeral.

As used herein, terms such as “a” and “the” are inclusive of one or more of the indicated item or step. In particular, in the claims a reference to an item generally means at least one such item is present and a reference to a step means at least one instance of the step is performed.

Reference to avoidance “criteria” contemplates the plural “criteria” and/or the singular “criterion” unless two or more criteria are clearly required, e.g., for comparison of criteria. Reference to avoidance “criterion” means one or more avoidance criteria.

Headings are for convenience only; information on a given topic may be found outside the section whose heading indicates that topic.

All claims as filed are part of the specification. Repeated claim language may be inserted outside the claims as needed.

While exemplary embodiments have been shown in the drawings and described above, it will be apparent to those of ordinary skill in the art that numerous modifications can be made without departing from the principles and concepts set forth in the claims. Although the subject matter is described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above the claims. It is not necessary for every means or aspect identified in a given definition or example to be present or to be utilized in every embodiment. Rather, the specific features and acts described are disclosed as examples for consideration when implementing the claims.

All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope to the full extent permitted by law. 

What is claimed is: 1-24. (canceled)
 25. A computerized method for use by an online service provider for online identity management, the method comprising: a computer system reading a user's offline identity information from secure storage; the computer system automatically generating from the user's offline identity information a proposed web address which includes at least a portion of the user's offline identity information; and the computer system displaying the proposed web address to the user.
 26. The method of claim 25, wherein the user has multiple online identities managed by the online service provider.
 27. The method of claim 25, wherein the computer system automatically generates from the user's offline identity information a proposed web address which includes at least one of the following: the user's offline personal name, the user's offline family name.
 28. The method of claim 25, wherein the computer system automatically generates from the user's offline identity information a proposed web address which includes the user's offline legal name.
 29. The method of claim 25, wherein the method further comprises the computer system gathering offline identity information from the user during registration of the user as a member of an online community.
 30. The method of claim 25, wherein the method further comprises the computer system informing the user that entering an offline name is required to participate in an online community.
 31. The method of claim 25, wherein the method further comprises the computer system requiring that the user accept a level of offline encounter risk before the user can participate fully in an online community, where the level offline encounter risk represents the user's willingness to risk encountering offline some other member of the online community.
 32. The method of claim 25, wherein the method further comprises the computer system accepting the proposed web address from the user.
 33. The method of claim 25, wherein the proposed web address includes an offline name of the user, and the method further comprises the computer system using the proposed web address in a social network.
 34. The method of claim 25, wherein the proposed web address includes a nickname of the user, and the method further comprises the computer system using the proposed web address in a social network.
 35. The method of claim 25, wherein the method further comprises the computer system subsequently disabling the proposed web address.
 36. The method of claim 25, wherein the method further comprises the computer system subsequently disabling the proposed web address without notifying the user.
 37. The method of claim 25, wherein the method further comprises the computer system changing the proposed web address.
 38. The method of claim 25, wherein the computer system uses the proposed web address as a web address of a personal web page of the user.
 39. A computerized method for use by an online service provider for online identity management, the method comprising: a computer system reading a user's offline name from offline identity information located in a secure storage; the computer system automatically generating a web address which includes at least a portion of the user's offline name; and the computer system managing access to a web page in an online community using the generated web address.
 40. The method of claim 39, wherein the computer system uses the generated web address as a web address of a personal web page of the user in a social network.
 41. The method of claim 39, wherein the online community is part of a social network.
 42. The method of claim 39, wherein the user has multiple online identities managed at least in part by the online service provider.
 43. The method of claim 39, wherein the computer system reads the user's offline name from offline identity information located in a database of user registrations in the secure storage.
 44. The method of claim 39, wherein the computer system manages access to a web page of the user in a social network using the generated web address. 